Commit Graph

651 Commits

Author SHA1 Message Date
Jonathan Lebon
271954a41c app: Add rpm-ostree compose extensions
This adds support for a new `rpm-ostree compose extensions` command
which takes a treefile, a new extensions YAML file, and an OSTree repo
and ref. It performs a depsolve and downloads the extensions to a
provided output directory.

This is intended to replace cosa's `download-extensions`:
https://github.com/coreos/coreos-assembler/blob/master/src/download-extensions

The input YAML schema matches the one accepted by that script.

Some differences from the script:
- We have a guaranteed depsolve match and thus can avoid silly issues
  we've hit in RHCOS (like downloading the wrong `libprotobuf` for
  `usbguard` -- rhbz#1889694).
- We seamlessly re-use the same repos defined in the treefile, whereas
  the cosa script uses `reposdir=$dir` which doesn't have the same
  semantics (repo enablement is in that case purely based on the
  `enabled` flag in those repos, which may be different than what the
  rpm-ostree compose ran with).
- We perform more sanity-checks against the requested extensions, such
  as whether the extension is already in the base.
- We support no-change detection via a state SHA512 file for better
  integration in cosa and pipelines.
- We support a `match-base-evr` key, which forces the extension to have
  the same EVR as the one from a base package: this is helpful in the
  case of extensions which complement a base package, esp. those which
  may not have strong enough reldeps to enforce matching EVRs by
  depsolve alone (`kernel-headers` is an example of this).
- We don't try to organize the RPMs into separate directories by
  extension because IMO it's not at the right level. Instead, we should
  work towards higher-level metadata to represent extensions (see
  https://github.com/openshift/os/issues/409 which is related to this).

Closes: #2055
2021-01-23 17:12:09 +01:00
Colin Walters
a4487578a7 Remove some uses of goto out
All of these cases are actually fine, but in general we
can't use `goto out` since we started using C++ exceptions
which will skip that control flow.
2021-01-21 21:01:45 -05:00
Kelvin Fan
7586503ee2 vmcheck/test-misc-2: Fix $cursor variable
Minor cleanup.

Follow up from https://github.com/coreos/rpm-ostree/pull/2461/.
2021-01-20 15:20:41 -05:00
Colin Walters
402912e030 Make make check work again
Our CI isn't running the C unit tests because it goes via RPM,
and while we could potentially add `%check` there...I don't
quite want to do that right now since it also runs the Rust
tests which means we rebuild all the Rust code again in debug
mode etc.

Change the C unit tests to compile in C++ mode, which is
enough for local testing.

Longer term I think the C unit tests will go away in favor
of Rust tests.
2021-01-20 13:10:14 -05:00
Kelvin Fan
3f9fe06d24 daemon: Record agent's systemd service
In https://github.com/coreos/rpm-ostree/pull/2395/, agent's id is
recorded in the journal. Similarly, record the systemd service that
called the client, as well.

Related to https://github.com/coreos/rpm-ostree/issues/1747.
2021-01-20 10:13:02 -05:00
Colin Walters
2f82733e65 apply-live: Extend /etc test case
- Further nested sub/sub directories
- symbolic links that point to various corner cases like `/`, are
  broken, to parents etc.
2021-01-18 05:51:05 -05:00
Colin Walters
d0c6871d80 apply-live: Avoid clobbering changes in /etc
Gather the current diff of `/etc`, and filter out changes in
the tree which would overwrite it.

There is an OSTree API for diffs but it's a bit awkward, missing
some APIs in the Rust bindings and also `GFile` based unfortunately.
Doing this in Rust is nicer.  The dirdiff code obviously needs
a lot more testing, but I think it's right.
2021-01-15 05:41:53 -05:00
Colin Walters
6c66bf1072 Rename livefs → apply-live in more places
Keep up the renaming momentum by using the new name in more
places.

Prep for further work.
2021-01-12 03:15:49 -05:00
Colin Walters
29d051e895 Add fedora-integration: Support override replace https://bodhi/...
This adds support for e.g.:

```
$ rpm-ostree override replace https://bodhi.fedoraproject.org/updates/FEDORA-2020-2908628031
```

This will find the Koji builds from the listed update, download
all the RPMs (that aren't debuginfo) and pass them for overrides
in the same way we support `override replace http://somewebserver/foo.rpm`
now.

We also support directly linking a Koji build:
```
$ rpm-ostree override replace https://koji.fedoraproject.org/koji/buildinfo?buildID=1625029
```

Bodhi has a modern HTTP+JSON API, and the lack of a Koji equivalent
drove me to create https://github.com/cgwalters/koji-sane-json-api
and we currently depend on an instance set up in the OpenShift CI
cluster.

I hope it shouldn't take long to deploy this in Fedora Infra,
but I don't want to block on it.

Also notably this still downloads *all* the other RPMs even
ones that aren't installed.  Handling that truly correctly
would require moving this logic to the daemon and core.

All of this functionality is keyed off a `cfg(feature = "fedora-integration")`
that is detected by a Rust `build.rs` which parses the build environment's
`/etc/os-release` for now.
2021-01-11 13:03:04 -05:00
Colin Walters
2b9b83d9ce tests: Fix rsync of base rpmdb with sqlite
Apparently small rpmdb changes can cause the size to stay the
same due to preallocation, and rsync defaults to skipping files
based on (name, size, mtime).  It's really ostree's mtime canonicalization
that's unfortunate here.

Anyways, we obviously don't care about performance here so use
`-I` to disable that rsync check.

(Also remove the `mkdir -p` since it hasn't been necessary for a long time)

Closes: https://github.com/coreos/rpm-ostree/issues/2435
2021-01-09 10:13:20 -05:00
Colin Walters
92a1fa5bc3 Complete move to cxx-rs for utils
This makes the C++ side a bit uglier because the "variable mapping"
is more Rust-native but we only use it Rust side anyways.
(We can't yet move the basearch bits to rust because it depends on
 libdnf, which requires buildsystem unification)

But all the unsafe FFI conversion drops out, as do the duplicated
C unit tests.
2021-01-07 11:46:52 -05:00
Colin Walters
485dbe8472 apply-live: Print a package diff
The cool thing about this is it emphasizes how "integrated" apply-live
is versus the uncontrolled `rpm-ostree usroverlay`.  We're still
tracking the state of things reliably and can print it.
2020-12-23 16:23:43 +01:00
Colin Walters
9d927e9850 daemon: Record the agent ID in the journal
Related to https://github.com/coreos/rpm-ostree/issues/1747

Basically after this we can have `rpm-ostree status` output
e.g. `Agent: zincati` at least *after* an upgrade has happened.
2020-12-16 13:55:11 +00:00
Colin Walters
d9e9e5cf9b Rename ex livefs to ex apply-live
(Keeping the old name for muscle memory compatibility for now)

I think `apply-live` is a clearer name; it's more imperative
and it may not be obvious (particularly to non-native English speakers)
to parse "livefs" as "live fs".
2020-12-14 11:55:09 -05:00
Colin Walters
cd2307ccc2 tests: Add case for running rpm -q in a %post
On traditional rpm systems this can hang because the outer
process may have an rpmdb lock, and the inner one wants
to acquire a lock.  Here we're sandboxing the `%post` script
and it's targeting a separate temporary filesystem compared to
the booted one (so there's no double locking).  Plus we don't
create the rpmdb in the target until all scripts have run.

Inspired by https://twitter.com/_msw_/status/1335981558717587473
2020-12-07 15:09:44 -05:00
Luca BRUNO
1b00f13d34 tests/override-kernel: support f33
2020-12-07 07:58:18 -05:00
Luca BRUNO
c3b37a0c3b tests/jsonutil: update invalid specifier
This fixes the invalid datetime testcase, picking a new specifier
as `%f` recently became a valid one in glib.

Ref: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1605
2020-12-07 07:58:18 -05:00
Colin Walters
a0a5db7b73 compose: Use static enablement for ostree systemd services
I was looking at the output of `ostree admin config-diff`
on a base FCOS boot.  It'd be really nice to trim that down
as much as possible, so we can cleanly capture the difference
between user config and system config.

Let's use static enablement rather than presets.
2020-12-02 22:40:31 +01:00
Colin Walters
bee9c0f605 Remove ex-container
I still think we should do this at some point, but
the experiment with using `GKeyfile` for configuration
is IMO a failure and the variety of data formats
(treefile JSON vs YAML vs origin keyfiles vs container keyfiles)
causes a lot of confusion.

Prep for https://github.com/coreos/rpm-ostree/issues/2326
2020-12-01 23:51:45 +01:00
Colin Walters
956d96bd1f livefs: Fix --target, add --reset and print diff
Makes this more useful.
2020-11-17 22:34:44 +01:00
Colin Walters
a76ddf0cef Rewrite livefs
Now always based on an overlayfs:
f2773c1b55
This fixes a whole swath of problems with the previous design,
including the danger in replacing `/usr/lib/ostree-boot` which
broke booting for some people.

Further, we don't need to push a rollback deployment; the livefs
changes are always transient.  So now we store livefs state
in `/run` instead of in the origin file.

Since we're doing a rewrite, it's now in Rust for much more safety.

We also always work in terms of incremental diffs between commits;
the previous huge hammer of swapping `/usr` was way too dangerous.
2020-11-16 19:07:16 +01:00
Colin Walters
7ed1c0b1e8 Remove coreos-rootfs command
This effectively reverts commit: c8113bde32
We never ended up using it; instead the `rdcore` bits from
`coreos-installer` have the rootfs reprovisioning logic.
2020-11-12 18:59:49 +01:00
Colin Walters
96c2d8998d daemon: Rewrite some core initramfs-overlay logic in Rust
We had a memory safety/UB bug in the C code; let's use
that as a good motivation to rewrite in Rust.  It's a nice
self contained bit.
2020-11-02 21:27:35 +01:00
Colin Walters
0345ef2da1 Disable boot-location: new test
We marked this as deprecated, and our CI is expensive right now.
We're unlikely to break this.
2020-10-30 11:55:38 +01:00
Jonathan Lebon
4da10dc11e Add new ex initramfs-etc command
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.

```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
  ostree://fedora:fedora/x86_64/coreos/testing-devel
                   Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
                    Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
              GPGSignature: (unsigned)
              InitramfsEtc: /etc/foobar

● ostree://fedora:fedora/x86_64/coreos/testing-devel
                   Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
                    Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
              GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```

See the libostree side of this at:
https://github.com/ostreedev/ostree/pull/2155

Lots more discussions in:
https://github.com/coreos/fedora-coreos-tracker/issues/94

Closes: #1930
2020-10-30 00:48:54 +01:00
Colin Walters
1b40810916 Make /run a directory in scripts
It's part of the expected standard environment, and its omission
ended up breaking some bootupd work.
See https://github.com/coreos/bootupd/pull/84#issuecomment-709414840
2020-10-22 16:43:00 -04:00
Colin Walters
5650f376fb Add --enable-rojig, disable by default
We're seeing some CI failures that I think are a bug in rojig.
In the bigger picture...we never actually started using this,
and I think longer term shipping os updates via containers
probably makes more sense.

I put a *lot* of effort into this code and it's pretty cool
so it's hard to just delete it.  And *maybe* someone out there
is using it (but I doubt it).  So rather than just deleting
it entirely let's make it a build-time option.

I verified that it builds at least.
2020-10-22 15:38:50 -04:00
Jonathan Lebon
821d2e1a46 tests/compose: Check filecaps of arping instead of ping
In f32, ping is no longer privileged since it ships with the sysctl for
`ping_group_range` which allows unpriv pings. Check the file caps of
arping instead, which does still use them.
2020-10-14 03:44:19 +02:00
Colin Walters
f370f7d24f tests: Loosen regexp for French date
Something changed format, not sure what.
2020-10-14 03:44:19 +02:00
Jonathan Lebon
d414ca1168 tests/compose: Drop FCOS postprocess scripts
Now that we've bumped to the latest FCOS commit for compose tests, one
thing that came up was that our compose tests never actually included
FCOS overlays in the compose the way cosa does.

This then causes compose failures because one of the postprocess scripts
expects those files there.

Let's just nuke all postprocess scripts here to work around this. I
initially wanted to import the overlay logic from cosa, but overlays
only work in unified core mode, and sadly we still want some coverage in
non-unified mode until that's fully dropped.

And anyway, we also already do a proper `cosa build` in the vmcheck
branch of CI so it's not like we're losing that coverage.

Down the line though, I think this is a good argument for folding the
overlay dirs into rpm-ostree more natively as discussed here:

https://github.com/coreos/coreos-assembler/pull/639#issuecomment-534713737
2020-10-14 03:44:19 +02:00
Jonathan Lebon
230a0ea810 tests/compose: Bump FCOS config commit to test
We were composing f31, which has now been untagged from the pool now
that FCOS is working on moving to f33 (see
https://github.com/coreos/fedora-coreos-tracker/issues/609#issuecomment-702393429).

Bump the commit to test here (this is the HEAD of `testing-devel` at the
time of this writing).
2020-10-14 03:44:19 +02:00
Colin Walters
456a3ec7c2 compose: Add rpmdb option, default to bdb
The design of https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb
is problematic for us for multiple reasons.  The first big reason
is that rpm-ostree is designed for "cross" builds and e.g. today
we use a Fedora-derived container to build RHEL CoreOS images.

However the default database lives inside the `rpm` package which
means that if we e.g. upgrade the coreos-assembler container to F33
it will suddenly try to use sqlite for RHCOS which is obviously broken.

Related to this, rebases from f32 to f33 w/layered packages
are broken: https://bugzilla.redhat.com/show_bug.cgi?id=1876194#c3

With this we can configure things to continue to use bdb for f33
for ostree-based systems, so that by enforcing an upgrade order
f32 → f33 [bdb] → f34 [sqlite] ... the intermediate f33 w/bdb
still understands sqlite and hence rebases will work.
2020-09-11 10:06:28 -04:00
Jonathan Lebon
71992e3d11 core: Use SOLVER_LOCK for locking base packages
For the Fedora CoreOS extensions work, when layering packages, we need
to be able to tell libsolv to pick the packages which will go with the
base packages. IOW, it needs to know that the base packages shouldn't be
uninstalled.

While investigating
https://github.com/coreos/fedora-coreos-tracker/issues/525, I realized
that libsolv does have a flag which allows us to express this:
`SOLVER_LOCK`.

This then allows libsolv to choose the right package for us (if found).
And in the case where it can't find a matching package, libsolv itself
will print exactly what the conflict is, which is more informative than
the "forbidden replacements" error we currently print out.

Update submodule: libdnf
2020-08-28 12:44:46 -04:00
Colin Walters
e3978c924f Add testutils generate-synthetic-upgrade
We want to test upgrades that actually change files as a general
rule; in some cases we want to test "large" upgrades to validate
performance.

This code generates a "synthetic" upgrade that adds an ELF note
to a percentage of ELF files (randomly selected).  By doing
it this way we are only actually testing one version of the code.

Migrated from https://github.com/coreos/coreos-assembler/pull/1635/
using the Rust code from https://github.com/ostreedev/ostree/pull/2127
2020-08-18 17:23:15 +02:00
Kelvin Fan
c9cb6005ff treefile: change remove-from-packages implementation
Fix https://github.com/coreos/rpm-ostree/issues/2068: `remove-from-packages`
deleting files that it shouldn't.
Filter out files that user wants removed at `checkout_package_into_root()`,
instead of at the `handle_remove_files_from_package()` function that does
not check whether files are used by other rpms before removing them.
2020-08-05 21:07:20 +02:00
Jonathan Lebon
2c6d24de0a vmcheck/rojig: Don't use ci.centos.org
It doesn't resolve to the right node from inside the CentOS CI:
https://lists.centos.org/pipermail/ci-users/2016-July/000301.html
2020-07-16 15:46:06 -04:00
Jonathan Lebon
2235fb6c5b ci: pull Fedora image from Quay.io
Seems like the Fedora registry is having trouble right now.
2020-07-16 15:46:06 -04:00
Kelvin Fan
4d836dd88e treefile: Allow greater/less than versions for pkgs
Add a helper function for whitespace_split_packages() so that it now
splits a String by whitespace only if it is not wrapped between single
quotes.

This should allow RHCOS to use syntax like podman > 1.4 in the treefile.

Also add new unit tests and tweak existing compose tests to test this
functionality.
2020-07-08 19:25:41 +02:00
Jonathan Lebon
f608eb09ed app: Add --lock-finalization switch to other commands
Both `upgrade` and `deploy` already support this. There's no reason why
all the remaining "deployment-creating" commands shouldn't. Prompted by
https://github.com/openshift/machine-config-operator/issues/1897 which
will need this specifically for `rebase`.
2020-07-08 16:02:59 +02:00
Colin Walters
d29627ca6e postprocess: Add a symlink /usr/lib/sysimage/rpm to the rpmdb
Following on to:

- http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html
- https://github.com/coreos/rpm-ostree/pull/1142/
- https://github.com/openSUSE/libsolv/pull/386

Write a symlink in `/usr/lib/sysimage/rpm` pointing to our current
`/usr/share/rpm` - this way clients can start looking for it there,
and then at some point we'll flip the symlink around and
have `/usr/share/rpm` pointing to the new location.

(Doing a hard swap now has upgrade implications)
2020-07-08 03:30:15 +02:00
Jonathan Lebon
83b385bc59 libpriv/scripts: Replace crypto-policies lua script
The latest crypto-policies package changed recently to dynamically set
the policy at install time so that if FIPS is enabled, the selected
backend is `FIPS`:

9b9c9f7378

This doesn't really make sense for us though since the compose server
configuration should be decoupled from the installroot. (More generally,
this also affects e.g. `yum install --installroot`).

Override the script for now so that we always select the `DEFAULT`
policy. We'll discuss with upstream to see what the right solution is
there.

This also works around the fact that rpm-ostree doesn't yet implement
Lua (#749).

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1847454
Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/540
2020-06-17 15:05:53 -04:00
Jonathan Lebon
412d025e06 tests: Make more resistant to releasever changes
Now that cosa and FCOS have moved to f32, a bunch of tests are breaking.
Let's make them more resistant to releasever changes.

While we're here though, bump the container image we use on the target
host to f32, and update the systemd example output.
2020-06-02 19:37:43 +02:00
Colin Walters
1db9fa000f rebase: Remove requirement for --experimental with local rebases
We've been shipping the MCO code using this for a long time,
it needs to stay in its current form and is not experimental.
2020-05-29 15:14:32 -04:00
Colin Walters
37e7ab2e33 test-override-kernel: Support f32
CI is failing on this now that FCOS has switched.
2020-05-29 12:35:15 -04:00
Colin Walters
75ae584e6d tests/kola: Move into tests/kolainst, run installed
Switch to the "installed" model introduced by:
https://github.com/coreos/coreos-assembler/pull/1441

It's hard to support running tests *both* from the srcdir
and installed; in this case because we have a symlink that needs
to be followed, which kola knows how to do from the srcdir
but not when installed.  Let's establish a new convention of
`tests/kolainst`.   In our case we follow the symlink manually
for now.

That bit will be cleaned up when we eventually switch entirely
to kola tests.
2020-05-26 15:34:00 -04:00
Colin Walters
1bd69619eb treefile: Add readonly-executables
Same motivation as
7392259332

I think we should encourage removing the writable bits from
executables.  This has happened to me:
https://thomask.sdf.org/blog/2019/11/09/take-care-editing-bash-scripts.html

And not having the writable bit may help prevent hardlink
corruption with OSTree in some cases.

We can't do this by default, but add a convenient treefile option
for it.

This starts out by just doing this for RPMs, but I'll add
a secondary pass which does it during postprocessing soon too.
2020-05-12 08:39:37 -07:00
Colin Walters
6df03da742 tests: Move more code to kola
Continuing the migration.
2020-05-12 00:34:26 +02:00
Colin Walters
edeefcff23 tests: Trim out dead code from libtest.sh, rework SRCDIR
The main goal here is to get `assert_jq()` usable in
kola tests.

This was forked from ostree long ago but we aren't
using most of it.  I want to try to move this into kola where
we're just using `tests/common` but this code references
`tests/gpghome` which we weren't using.

Only a few things here reference `SRCDIR` - change those
to fail for now if it's not set, since we're not running
those tests in kola yet.  I will eventually try to
clean that up later.
2020-05-11 18:28:41 +02:00
Colin Walters
81f8931162 tests/runkola: New script
This may become `cosa kola-fast` or something.
2020-04-30 21:50:41 +02:00
Colin Walters
22bf449296 tests: Drain more readonly tests into nondestructive/misc
Part of migrating the test suite to kola.
2020-04-30 21:50:41 +02:00